PRIVACY POLICY

1. Introduction

BE COMPLIANT SA (“Be Compliant” or “we”), is committed to protecting your Personal Data by complying with confidentiality as well as data protection laws and regulations.

This Privacy Notice applies to clients and prospective clients as well as all counterparties and prospective counterparties of Be Compliant and/or legal representatives, beneficial owners, control’s holder, directors, signatories and/or employees of clients and prospective clients as well as all counterparties and prospective counterparties of Be Compliant (“you”). This Privacy Notice covers Personal Data that is held electronically and also applies to paper-based filling systems.

(a) Explanation of terms used in this Privacy Notice

Personal Data means information about an individual (or a legal personal where the applicable data protection law covers such entities) from which that person can be identified. It does not include data from which personal information has been removed (anonymous data).

Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

2. Types of Personal Data collected

In the course of examining a prospective banking relationship with you and/ or providing services to you, we may process Personal Data and Special Category Personal Data. This typically includes the following information relating to you:

(a) Information received from you, including:

1. Personal contact details such as name, title, addresses, telephone numbers and personal email addresses;
2. Date of birth and place of birth;
3. Gender;
4. Marital status, dependants (name and age) and relations;
5. Copies of identification documents, such as national identity cards or passports;
6. National Insurance number, social security number or other national/ tax identifier;
7. Information relating to criminal convictions or offences;
8. Nationality, tax residence and country of residence;
9. Employment details, income and source of wealth;
10. Details of investments and assets owned and liabilities;
11. Knowledge of and experience in investment matters and where applicable, personal details of any agent or attorney;

(b) Information received from third parties, including:

1. The above categories;
2. Credit references;
3. Publicly available information on business and personal associates and assets owned;
4. Other information from third-party sources, such as wealth screening services, fraud prevention agencies, intermediaries;

(c) Information specific to our services, including:

1. Account numbers;
2. Balances;
3. Investment holdings;
4. Transaction data;
5. Records of phone calls or video captures;
6. Information automatically recorded when you access our websites, including date and time of the access and IP address;
7. Reports and statements;
8. Codewords;

(d) Special Category Personal Data

In some cases (where and under the modalities permitted by law), special categories of personal data, such as your political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs.

(e) Other

In relation to the evaluation of your application and/ or the services we provide to you, you may provide us with information about your additional card holders or account holders, business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents. Before providing us with this information, you should provide a copy of this notice to those persons and acquire, to the extent necessary, their prior consent for the relevant transfer of their data to us and the processing of their data by us.

3. Sources of Personal Data

We collect your Personal Data:

1. directly from you, e.g. in application forms and through information provided during the onboarding process, including background and reference checks;
2. when it is provided to us by a third party, e.g. public registers, credit reference agencies, , fraud prevention agencies, providers of enhanced due diligence reports and financial intermediaries; and
3. when information is created as a result of generally providing services to you;

4. How we use Personal Data

(a) Legal basis for using your Personal Data

We will only use your Personal Data when the law allows us to. Most commonly and depending on the situation in which we will use your Personal Data (see paragraph b below), we will use your Personal Data in the following circumstances:

1. Where we need to perform the contract we have entered into with you or in order to take steps at your request prior to entering into any such contract;
2. Where we need to comply with a legal obligation; and
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g. assuring high level standards across Be Compliant Sa, ensuring compliance with our policies and procedures);
4. Where it is needed in the public interest;
5. Where necessary for the establishment, exercise and defense of legal claims;
6. Where we need to protect your interests (or someone else’s interests); and
7. In limited circumstances, where you have given your consent.

I Dati Personali che riguardano il cliente possono inoltre essere utilizzati nelle seguenti situazioni, seppur rare:

1. per proteggere gli interessi del cliente (o quelli di altri);
2. per ragioni di pubblico interesse; e
3. dopo aver ottenuto il consenso del cliente.

(b) Situations in which we may use your Personal Data

The situations in which we may process your Personal Data are listed below.

1. To confirm and verify your identity and credit status in relation to your application or account and, where applicable, conduct an appropriateness assessment;
2. To open, administer and operate your account and manage our relationship with you and to provide products or services to you (including carrying out or facilitating any transactions) as well as to improve the quality of our services;
3. To monitor and analyze the contract for your accounts and relationship with us, to ensure compliance with our internal policies and/ or procedures and to be able to monitor risks and report them;
4. To carry out business, operational and administrative activities, including record keeping and audits.
5. To carry out other activities, like Risk Management Reports, Corporate finance services, and/or other family office services.
6. To assess any credit limit or other credit decision (as well as the interest rate, fees and other changers to be applied to your account).
7. To carry out statistical and other analysis (including profiling based on the products or services that you use for us or in which you might be interested, how you like to be contacted, etc; To conduct a survey;
8. To comply with any applicable laws and regulations and /or any voluntary code or industry best practice we reasonably decide to adopt;
9. To comply with the request or requirement of any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority;
10. To carry out the detection, investigation and prevention of fraud, tax evasion, money laundering, bribery, corruption, terrorist financing and other crime or malpractice and oversee and report on such detection, investigation and prevention activities;
11. For use in connection with any legal proceedings or regulatory action (including prospective legal proceedings/ regulatory action) and for obtaining legal advice or for establishing, exercising or defending legal rights; and
12. To give you information and marketing (by post, telephone, email or other medium using the contract details you have given us) about events, products and services offered by us which we believe may be of interest to you.

(c) If you fail to provide Personal Data

If you fail to provide certain information when requested, we may not be able to enter into a contract with you/ perform the contract we have entered into with you. Please note that we may still process any available Personal Data.

5. Recipients of your Personal Data

We (and those parties to whom Personal Data is disclosed) may disclose Personal Data in the situations described below:

1. To any other companies which are at the time of disclosure in the Be Compliant Sa; in particular, several Be Compliant Sa entities may act as controllers of your data, i.e. determine the purposes and means of the processing of your data and may share them amongst each other. The resulting transfers may be based on one or more of the legal bases listed in section 4 (a) above, including the performance of the contract executed with you or taking steps at your request prior to entering into any such contract and/ or our legitimate interests and/ or the public interest. Processing may occur in one or more of the situations listed in section 4 (b) above, including the confirmation of your status in relation to your application or account and/ or the improvement of the quality of our services and/ or the monitoring of the compliance with internal policies and procedures, as well as the applicable legislation.
2. To third parties / processors of your Personal Data (including other Be Compliant Sa entities) who provide services to us or that act as our agents (or prospective third party service providers or prospective agents).
3. To third parties in connection with a reorganization (including investment), amalgamation, merger or transfer or sale of all or part of our business, including to any insurers and professional advisors, and any third parties to whom we assign, transfer or charge our interest in any financial product or service provided to you;
4. To any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority;
5. To public authorities, regulators or governmental bodies, when required by law or regulation.
6. To other financial institutions or organizations, payment recipients, clearing houses, clearing and settlement systems, stock exchanges, credit card associations etc., as the case might be;
7. To any guarantor, where your account is backed by a guarantee;
8. To our auditors and professional advisors (and those agents, auditors, service providers and professional advisors of other companies in the Be Compliant Sa);
9. To insurers and information providers; or
10. Otherwise if you consent to such disclosure.

6. Overseas transfers

The Recipients referred to in section 5 above may be located outside of Switzerland and the European Economic Area. In those cases, we implement the data protection regulatory requirements to ensure that any transfer of personal data outside of Switzerland and the European Economic Area is in compliance with the safeguards set out in data protection laws.

7. Retention of Personal Data

We will retain Personal Data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements. To determine the appropriate retention period for Personal Data, we consider the applicable legal requirements, as well as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.

Further information on the retention periods of Personal Data can be requested from your Client Relationship Officer and/or Data Protection Officer.

8. Your rights and duties

(a) You duty to inform us of changes

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

(b) Your rights in connection with Personal Data

Under certain circumstances, and subject to applicable law, you have the right to:

1. Request access to your Persona Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you.
2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
4. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes by writing to your Client Relationship Officer or using any opt-out facility specified by us in the relevant marketing communication.
5. Richiedere la limitazione del trattamento dei propri Dati Personali. In questo modo, il cliente potrà ottenere la sospensione del trattamento, ad esempio se desidera che vengano verificate la correttezza dei dati o le finalità del trattamento.
6. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
7. Where your data is processed by automated means and:

   . where we process your personal data on the basis of your consent, or
   . where such processing is necessary for entering into or performing our obligations under a contract with you,

   request the transfer of your Personal Data to another party (also known as “data portability”).
8. Where we process your personal data on the basis of your consent, withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. In certain circumstances, request not to be subject to automated decision-making, including profiling.

Certain of these rights are not absolute under the applicable legislation (as sometimes there may be overriding interests that require the processing to continue, for example); nonetheless we will consider your request and respond to you. Moreover, the exercise of some of these rights may result in non-examining/ rejecting your application or no longer being able to provide a product or service to you.

If you want to exercise your rights, as per above, please contact your Client Relationship Officer and/ or Data Protection Officer.

Finally, you have the right to lodge a complaint with the competent supervisory authority.

(c) No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee depending on the nature of the request and applicable regulation.

(d) What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

(e) Queries relating to the processing of your Personal Data

If you have a query regarding the processing of your Personal Data please contact your Client Relationship Officer and/ or the Data Protection Officer.

9. Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will notify you either in writing or by updating this Privacy Notice on our website at: www.be compliant.ch. We may also notify you in other ways from time to time about the processing of your Personal Data.